问题描述
执行摘要:如何使用Java代码将新的根证书安装到Java中?
Executive summary: how do I install a new root certificate into Java using Java code?
我们有一个桌面应用程序可以访问各种Web服务。最近其中一人将他们的SSL证书改为由Trustwave签署的证书。虽然常规Internet浏览器接受Trustwave SSL证书,但Java似乎没有先决条件根证书,并且我们失去了对给定Web服务的访问权限,并显示以下错误消息:
We have a desktop application which accesses various web services. Recently one of them switched their SSL certificate to one signed by Trustwave. While the Trustwave SSL certificates are accepted by regular internet browsers, Java does not seem to come with the prerequisite root certificates, and we lost access to the given web service with the following error message:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我们通过说服提供商切换回Verisign但是当他们切换时暂时缓解我们必须做好准备。所以我需要我们的桌面软件根据需要自动安装Trustwave根证书。我们的客户对于使用keytool命令不够科技,我宁愿不编写脚本,因为这让我觉得它是一个脆弱的解决方案(Mac和PC的单独实现,对Vista执行限制的斗争,无法找到正确的JRE安装到等等。)
We got a temporary reprieve by convincing the provider to switch back to Verisign but when they switch back we have to be ready. So I need our desktop software to automatically install the Trustwave root certificate as needed. Our customers are not tech savvy enough to use the keytool command and I would rather not script it since that strikes me as a fragile solution (separate implementations for Mac and PC, the struggle against Vista execution restrictions, trouble finding the correct JRE to install into, etc).
我认为keytool在内部使用Java。我可以在Java中使用什么命令来复制keytool的功能并以编程方式安装根证书?
I imagine the keytool uses Java internally. What command could I use within Java to replicate the functionality of keytool and install the root certificate programmatically?
推荐答案
我不知道如果可能,但您可以实现自己的TrustManager以允许此连接或此CA. 是基础知识。
I don't know if that is possible, but you could implement your own TrustManager to allow this connection or this CA. Here are the basics.
这篇关于如何在不使用keytool命令行实用程序的情况下导入新的Java CA证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!